[glib-networking/glib-2-66] gnutls: fix threadsafety in g_tls_database_gnutls_verify_chain
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/glib-2-66] gnutls: fix threadsafety in g_tls_database_gnutls_verify_chain
- Date: Tue, 6 Apr 2021 19:20:30 +0000 (UTC)
commit b31b9f9d4b9a24bc4a290974da249fe94b1def75
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Thu Apr 1 13:52:36 2021 -0500
gnutls: fix threadsafety in g_tls_database_gnutls_verify_chain
All priv members need to be locked, including priv->trust_list. Although
it is read-only once it is initialized, it is apparently still not safe
to share across threads.
https://bugzilla.redhat.com/show_bug.cgi?id=1937513
tls/gnutls/gtlsdatabase-gnutls.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
---
diff --git a/tls/gnutls/gtlsdatabase-gnutls.c b/tls/gnutls/gtlsdatabase-gnutls.c
index 3825a35..3e8ca3e 100644
--- a/tls/gnutls/gtlsdatabase-gnutls.c
+++ b/tls/gnutls/gtlsdatabase-gnutls.c
@@ -43,7 +43,7 @@ typedef struct
*/
GMutex mutex;
- /* read-only after construct */
+ /* Read-only after construct, but still has to be protected by the mutex. */
gnutls_x509_trust_list_t trust_list;
/*
@@ -496,10 +496,12 @@ g_tls_database_gnutls_verify_chain (GTlsDatabase *database,
if (g_cancellable_set_error_if_cancelled (cancellable, error))
return G_TLS_CERTIFICATE_GENERIC_ERROR;
+ g_mutex_lock (&priv->mutex);
gnutls_chain = convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain));
gerr = gnutls_x509_trust_list_verify_crt (priv->trust_list,
gnutls_chain->chain, gnutls_chain->length,
0, &gnutls_result, NULL);
+ g_mutex_unlock (&priv->mutex);
if (gerr != 0 || g_cancellable_set_error_if_cancelled (cancellable, error))
{
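Review bot: The new critical section in g_tls_database_gnutls_verify_chain starts one statement earlier than it needs to, because `convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain))` takes only `chain` in the visible lines and reads no `priv` member. Moving `g_mutex_lock (&priv->mutex);` to just before the `gerr = gnutls_x509_trust_list_verify_crt (priv->trust_list, ...)` line would keep the lock to the trust_list access, so concurrent verifications are not serialized on the conversion. The updated struct comment now says trust_list must be protected by the mutex, so any other reader of `priv->trust_list` in this file would need the same lock/unlock pair; none is visible in this hunk, so that should be confirmed against the full file. A short comment above the lock, such as `/* trust_list is not safe for concurrent verification; see struct comment */`, would stop a later change from narrowing the lock away. The function body starts and continues outside the hunk.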